Raiden Glitching Framework

Presented at Black Hat Asia 2020 Virtual, Oct. 2, 2020, 12:30 p.m. (40 minutes)

Voltage glitching is a developing technique in hardware hacking that has shown much promise, allowing bypass of security mechanisms and disclosure of firmware and secrets at the physical layer. Current glitching platforms are limited to custom hardware, which makes scaling difficult. But what if we turned FPGAs into glitchers instead, making the platform portable between physical boards? As it turns out, this approach provides several advantages. We are able to provide any resolution we like for the glitch signal, limited only by the PLL or internal oscillator of the FPGA board we want to use; for example, the FPGA used for our initial prototype allows 10 ns resolution. These advantages, plus some unique features, make ours an interesting solution for professional fault injection applications.

In this talk, we will explain how we built our own glitching tool, Raiden, to give everyone the ability to do professional-grade glitching at a much lower price, with simplified management via a Python API to make it user friendly. We'll also release our code so you can make your own with a spare FPGA, and demonstrate real-world attacks that can be performed with up-to-date glitching techniques. We'll also show a demonstration of alternate uses for such a platform by performing hardware fuzzing on a system using Wiegand.

Presenters:

  • Adam Laurie / Major Malfunction - Global Security Associate Partner, IBM X-Force Red
    Adam Laurie is an old-school hacker and DEF CON Quartermaster who specializes in embedded systems and OTA protocols.
  • Grzegorz Wypych - Senior Security Consultant, IBM X-Force Red
    Grzegorz Wypych is a 37-year-old security researcher, tool inventor, and speaker at hardware.io and SecurityPWNing - Poland. He specializes in reverse engineering binaries and fault injection attacks. He is the author of blogs on securityintelligence.com, reporting 0-day vulnerabilities for IoT devices. Before joining X-Force Red, he worked as a Software Developer and Network Engineer/Architect.
